Révision 316bc3f8
Allow IPv4 and IPv6 only rules
| manifests/simplerule.pp | ||
|---|---|---|
| 18 | 18 |
$comment = undef, |
| 19 | 19 |
Optional[Variant[Array[Stdlib::Port, 1], Stdlib::Port, Pattern[/\d+-\d+/]]] |
| 20 | 20 |
$dport = undef, |
| 21 |
Optional[Enum['tcp', 'udp']]
|
|
| 21 |
Optional[Enum['tcp', 'tcp4', 'tcp6', 'udp', 'udp4', 'udp6']]
|
|
| 22 | 22 |
$proto = undef, |
| 23 | 23 |
){
|
| 24 | 24 |
|
| spec/defines/simplerule_spec.rb | ||
|---|---|---|
| 71 | 71 |
) |
| 72 | 72 |
} |
| 73 | 73 |
end |
| 74 |
|
|
| 75 |
describe 'only IPv4 TCP traffic' do |
|
| 76 |
let(:params) do |
|
| 77 |
{
|
|
| 78 |
dport: 333, |
|
| 79 |
proto: 'tcp4', |
|
| 80 |
} |
|
| 81 |
end |
|
| 82 |
|
|
| 83 |
it { is_expected.to compile }
|
|
| 84 |
it {
|
|
| 85 |
is_expected.to contain_nftables__rule('default_in-my_default_rule_name').with(
|
|
| 86 |
content: 'ip version 4 tcp dport 333 accept', |
|
| 87 |
) |
|
| 88 |
} |
|
| 89 |
end |
|
| 90 |
|
|
| 91 |
describe 'only IPv6 UDP traffic' do |
|
| 92 |
let(:params) do |
|
| 93 |
{
|
|
| 94 |
dport: 33, |
|
| 95 |
proto: 'udp6', |
|
| 96 |
} |
|
| 97 |
end |
|
| 98 |
|
|
| 99 |
it { is_expected.to compile }
|
|
| 100 |
it {
|
|
| 101 |
is_expected.to contain_nftables__rule('default_in-my_default_rule_name').with(
|
|
| 102 |
content: 'ip version 6 udp dport 33 accept', |
|
| 103 |
) |
|
| 104 |
} |
|
| 105 |
end |
|
| 74 | 106 |
end |
| 75 | 107 |
end |
| 76 | 108 |
end |
| templates/simplerule.epp | ||
|---|---|---|
| 3 | 3 |
Optional[Variant[Array[Stdlib::Port, 1], Stdlib::Port, String]] $dport, |
| 4 | 4 |
Optional[String] $proto, |
| 5 | 5 |
| -%> |
| 6 |
<%- if $proto {
|
|
| 7 |
$_proto = $proto ? {
|
|
| 8 |
/tcp(4|6)?/ => 'tcp', |
|
| 9 |
/udp(4|6)?/ => 'udp', |
|
| 10 |
} |
|
| 11 |
$_ip_version_filter = $proto ? {
|
|
| 12 |
/(tcp4|udp4)/ => 'ip version 4', |
|
| 13 |
/(tcp6|udp6)/ => 'ip version 6', |
|
| 14 |
default => undef, |
|
| 15 |
} |
|
| 16 |
} else {
|
|
| 17 |
$_ip_version_filter = undef |
|
| 18 |
} -%> |
|
| 6 | 19 |
<%- if $proto and $dport {
|
| 7 | 20 |
if $dport =~ Array {
|
| 8 |
$_destination = "${proto} dport {${dport.join(', ')}}"
|
|
| 21 |
$_destination = "${_proto} dport {${dport.join(', ')}}"
|
|
| 9 | 22 |
} else {
|
| 10 |
$_destination = "${proto} dport $dport"
|
|
| 23 |
$_destination = "${_proto} dport $dport"
|
|
| 11 | 24 |
} |
| 12 | 25 |
} else {
|
| 13 | 26 |
$_destination = undef |
| ... | ... | |
| 17 | 30 |
} else {
|
| 18 | 31 |
$_comment = undef |
| 19 | 32 |
} -%> |
| 20 |
<%= regsubst(strip([$_destination, $_comment, $action].join(' ')), '\s+', ' ', 'G') -%>
|
|
| 33 |
<%= regsubst(strip([$_ip_version_filter, $_destination, $_comment, $action].join(' ')), '\s+', ' ', 'G') -%>
|
|
Formats disponibles : Unified diff